Incident Response
Our Experienced Cyber Incident Response Team Are Available 24x7 to Help Clients Find and Neutralise Threats Quickly
We are incident response specialists who spend 95% of our time, through our Cyber Risk Remediation and Managed Security Operations services, making sure our clients never need to respond to an incident at all. When an incident does occur, our experienced cyber incident response team is available 24 hours a day to help clients find and neutralise threats quickly and effectively.
Secrutiny Incident Response Methodology
If a cyber incident or breach is discovered or suspected, rapid and forensically sound techniques must be used to validate, investigate and remediate it. In practice this means capturing volatile data (memory, running processes, live network connections) before a host is powered off or rebuilt, and hashing and logging every artefact collected so that the chain of custody holds up later.
Secrutiny follow a proven three-step ‘Triage’ Incident Response methodology when approaching each cyber incident, ensuring clients are back to normal business operations with minimal disruption and downtime.
This ‘triage’ procedure is what makes Secrutiny’s Incident Response Methodology more efficient than the traditional ‘ball-of-string’ approach, in which evidence collection is driven by following one indicator of compromise (IOC) to the next. An IOC is not threat intelligence until it is understood in the context of the risks your organisation faces or has already encountered. Following indicators without that context makes the cost of an investigation, in people, tools, time and money, as long as the ball of string: you never know where it will lead or how long it is.
Secrutiny Incident Response Process
Data Sweep and Incident Scoping
Secrutiny’s Cyber Risk Audit process and native tooling are used to correlate and analyse host and network data from every accessible host, determine the scope of the incident and identify ‘systems of interest’, so that investigation effort goes to the relevant systems first.
Forensic Collection and Investigation
Systems of interest are interrogated with forensic tools to find anomalies in configuration/build, user behaviour/history and network settings/use, until the investigation narrows to specific ‘hosts of interest’.
Hosts of interest are then examined in greater detail using forensic memory, disk and network data from each host to build “the story behind the compromise and its activity”.
After thorough investigation, Secrutiny will deliver a Forensic Investigation Report detailing:
- Summary of findings
- Incident timeline
- Recommendations to contain or remediate
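As an added illustration of the scoping and timeline steps above (example code written for this page, not Secrutiny’s own tooling), the following Python takes telemetry gathered from every accessible host, starts from the host that raised the alert, keeps only those of its indicators that are rare across the estate, pivots on them to rank ‘systems of interest’, and emits the skeleton of an incident timeline. All host names, hashes and IP addresses are constructed, and the rule that an indicator is only worth pivoting on when fewer than half the estate exhibits it is an assumed heuristic chosen for the example.

```python
"""Incident scoping over a constructed event set (added example, not Secrutiny tooling).

Starting from the host that raised the alert, extract the indicators that are
rare across the estate, pivot on them to rank 'systems of interest', and build
a chronological timeline of the pivot events on those systems.
"""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample telemetry: (timestamp, host, event_type, value).
# event_type is 'proc' (placeholder hash of an executed binary) or
# 'net' (destination IP of an outbound connection). Every value is made up.
EVENTS = [
    ("2024-03-04T08:01:10", "ws-0042",  "net",  "10.0.0.53"),      # corporate DNS
    ("2024-03-04T08:02:31", "ws-0042",  "proc", "h_ab12"),         # mail client
    ("2024-03-04T09:14:02", "ws-0042",  "proc", "h_9f3e"),         # unknown binary
    ("2024-03-04T09:14:05", "ws-0042",  "net",  "203.0.113.77"),   # suspected C2
    ("2024-03-04T08:05:00", "ws-0107",  "net",  "10.0.0.53"),
    ("2024-03-04T08:06:12", "ws-0107",  "proc", "h_ab12"),
    ("2024-03-04T08:00:05", "ws-0203",  "net",  "10.0.0.53"),
    ("2024-03-04T08:07:44", "ws-0203",  "proc", "h_ab12"),
    ("2024-03-04T08:03:19", "ws-0311",  "net",  "10.0.0.53"),
    ("2024-03-04T08:09:02", "ws-0311",  "proc", "h_ab12"),
    ("2024-03-04T08:04:40", "ws-0450",  "net",  "10.0.0.53"),
    ("2024-03-04T08:10:57", "ws-0450",  "proc", "h_ab12"),
    ("2024-03-04T10:22:45", "srv-fs01", "net",  "10.0.0.53"),
    ("2024-03-04T10:23:01", "srv-fs01", "proc", "h_9f3e"),         # same unknown binary
    ("2024-03-04T10:23:04", "srv-fs01", "net",  "203.0.113.77"),
    ("2024-03-04T11:02:33", "srv-db01", "net",  "10.0.0.53"),
    ("2024-03-04T11:30:19", "srv-db01", "net",  "203.0.113.77"),   # beacon only
    ("2024-03-04T11:05:10", "srv-web01", "net", "10.0.0.53"),
]


def indicator_prevalence(events):
    """Map each (event_type, value) indicator to the set of hosts it was seen on."""
    seen = defaultdict(set)
    for _, host, etype, value in events:
        seen[(etype, value)].add(host)
    return seen


def rare_indicators(events, seed_host, max_fraction):
    """Indicators from the seed host seen on fewer than max_fraction of all hosts.

    This is the context check: something the whole estate does (DNS to the
    corporate resolver, the standard mail client) is not an indicator worth
    following, however suspicious the seed host otherwise looks.
    """
    seen = indicator_prevalence(events)
    total_hosts = len({host for _, host, _, _ in events})
    candidates = {(t, v) for _, h, t, v in events if h == seed_host}
    return {ind for ind in candidates if len(seen[ind]) / total_hosts < max_fraction}


def systems_of_interest(events, seed_host, max_fraction=0.5):
    """Rank every host by how many of the seed host's rare indicators it shares."""
    seen = indicator_prevalence(events)
    pivots = rare_indicators(events, seed_host, max_fraction)
    score = Counter()
    for ind in pivots:
        for host in seen[ind]:
            score[host] += 1
    ranked = sorted(score.items(), key=lambda kv: (-kv[1], kv[0]))
    return pivots, ranked


def incident_timeline(events, hosts, pivots):
    """Chronological pivot-indicator events on the systems of interest.

    The full report timeline would add surrounding context events; this is
    the skeleton that tells you the order in which hosts were touched.
    """
    rows = [(ts, h, t, v) for ts, h, t, v in events if h in hosts and (t, v) in pivots]
    rows.sort(key=lambda r: datetime.fromisoformat(r[0]))
    return rows


if __name__ == "__main__":
    pivots, ranked = systems_of_interest(EVENTS, "ws-0042")
    print("pivot indicators:", sorted(pivots))
    print("systems of interest (host, shared indicators):", ranked)
    for ts, host, etype, value in incident_timeline(EVENTS, {h for h, _ in ranked}, pivots):
        print(f"{ts}  {host:<9} {etype:<4} {value}")
```

Run as-is, the corporate DNS resolver and the mail client binary drop out of the pivot set because most of the estate exhibits them, leaving the unknown binary and the suspected C2 address; srv-fs01 and srv-db01 then surface as systems of interest, and the timeline shows the seed workstation was touched first.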
Incident Containment and Remediation
Secrutiny will support the activity necessary to contain and remediate the incident, such as eradicating infections, rebuilding hosts, remediating configurations and resetting any credentials the attackers may have captured, ensuring clients are back to normal business operations with minimal disruption and downtime.
Secrutiny’s experienced incident response team continues to support the client after remediation, watching for any attempt by the attackers to re-establish a foothold.
Top Tip for Expedited Incident Response
Organisations that maintain an established System of Record, an authoritative and continuously updated record of the hosts, configurations and activity across the estate, benefit from a vastly more efficient incident response, investigating and curtailing a breach in hours rather than weeks. The System of Record gives responders an informed data lake to interrogate from the first hour, jump-starting the data sweep and avoiding the days or weeks that would otherwise be spent collecting that baseline in the middle of the incident.